How to Recover from a BSOD

Blue Screen of Death. Those four words strike fear into the hearts of users everywhere, and the IT professional who can fix the BSOD is akin to a superhero. In this article, David Prowse offers some great tips for reading the blue screen errors and making fixes that can save a computer from the brink of disaster.

From the author of

From the author of

A BSOD (Blue Screen of Death) is when a computer halts and displays a blue screen with an error message and defining information. It is also known as a stop error by Microsoft, and in Windows is called a System failure. Whatever you call it, this is an error that a Windows operating system cannot immediately recover from.

In some cases, this is a one time failure due to a power surge or an anomaly of some sort. If that is the case, and if you are dealing with a client computer, the computer can be re-booted (if it doesn’t reboot itself) and the problem will likely not happen again. But if the blue screen appears two or three times, it will need to be investigated thoroughly. If the computer is a server, a blue screen should be investigated even if it happens only once. Failures could be hardware or software related. For example, the hard disk or network adapter might fail, or there could be a problem with the registry or an individual system file. Those are just a few examples, as there are a lot of causes of blue screens.

We will look at how to read a blue screen error, how to fix basic problems that cause blue screens, and how to configure the computer to recover and reboot in case a blue screen does occur.

How to Read a Blue Screen Error and Fix Basic Problems

Blue screen errors can be daunting at first, but relax, and I’ll explain exactly what you might see. Figure
1 shows an example of a Blue Screen Error.

This is a simpler blue screen that is, for the most part, in plain English. It tells you that Windows detected an error and has stopped booting so as to prevent damage to your computer. It then goes on to “guess” that the error is caused by a specific file: SPCMDCON.SYS. This Windows file could be damaged, or it could be the victim of a virus. In an effort to fix the problem, the blue screen gives some simple advice such as checking your hardware and software; but beyond this, you could try two more things. First, replace the file from the Recovery Console; this will fix a problem with a corrupt file. Second, scan the system in Safe Mode with your anti-virus software; this should fix a problem caused by a virus. Of course, there are lots of factors and possibilities, so you need to keep an open mind when troubleshooting BSODs!

Unfortunately, a BSOD can get more complicated. Some blue screens will list a Stop error code, followed by a list of drivers. In some cases, the last driver listed is the one that failed. In other cases, the driver that failed is not listed, but it can be determined by using the Windows program Dumpexam.exe, which is supplied with the Windows disc. After a BSOD occurs, you might consider doing a disk defrag, or at worst, re-imaging the system. You will note that imaged systems suffer from BSODs more than manually-installed operating systems. (Note that this article is meant to explain how to recover from a BSOD, not troubleshoot the issues that cause them.)

The best way to help a computer recover from a BSOD is to configure manually within the operating system.

Configuring Windows to Recover from a BSOD Step-by-Step

In this step-by-step, I will explain how to configure Windows 7 to automatically restart after a stop error. While most installations of Windows 7 will already be configured to automatically restart, it is good to know where to configure this, especially if you need to make changes to the configuration. Other Windows operating systems might not be configured for this by default, but the steps to configure them are done in a similar manner.

In the System failure section,
checkmark the options “Write
an event to the system log” and “Automatically
restart.”

Set the debugging information
drop down menu to “Kernel
memory dump.” This should
display a dump file and path
called %SystemRoot%\MEMORY.DMP.
In most cases, %SystemRoot%
will be Windows. This is the
default location for the MEMORY.DMP
file, which can later be analyzed
with dumpexam.exe.

Click OK for
the Startup and Recovery dialog
box and OK again
for the System Properties dialog
box.

If space is at a premium at your organization, you might select the Small memory dump (256 KB) option. You can also opt to write the debugging information to a different location, perhaps on a separate partition.

Note that we selected the option to write an event to the system log. The system log is found in the Event Viewer. When a BSOD occurs, you should be able to view the event (as long as you can get into the operating system afterwards) to help troubleshoot the cause. By using your knowledge of the Event Viewer, some basic troubleshooting skills, and dumpexam.exe (or similar memory dump analysis tools), you should be able to recover from and fix any issues that cause stop errors.